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IN THE CLAIMS 

1 . (Currently amended) Apparatus for secure management of data in a computer controlled 
storage system comprising: 

a trusted data management server (tdm server), responsive to a user or user program 
application, for capable of storing data in and retrieving data from a storage system comprising that 
comprises : 

security structure generator means to generate the following security management 

structures: 

an a unique identifier for said data; 
access control information for said data; 

a data signature for authenticating said data from said data and said unique 

identifier; and 

an access control information signature for authenticating said access control 
information from said access control information and said unique identifier. 

2. (Currently amended) The apparatus of claim 1 further comprising: 
encryption means for encrypting: 

said data; and , if itquircd by said tdm serve r , 

said access control information, as well when required bv said tdm server. 

3. (Original) The apparatus of claim 2 wherein said encryption means is adapted to encrypt 
said data and said access control information. 

4. (Currently amended) The apparatus of claim 2 further comprising: 

storage control means for causing said storage means system to store said security 
management structures and said data. 

5. (Original) The apparatus of claim 4 wherein said data is stored in encrypted form. 
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6. (Currently amended) The apparatus of claim 5 further comprising: 

access control means for accessing said data stored in said storage system with said unique 
identifier 

7. (Currently amended) The apparatus of claim 5 6 wherein said access control means 
comprises: 

means responsive to a request from an a user for accessing secured data from said storage 
system, adapted to: 

ictiicving retrieve an a unique identifier for said secured data from said user or storage 

system; 

retrieve from said storage system said security management structures corresponding to said 
s e cured data; and 

carry out the following determination steps: 

determine if said access control information and unique identifier correspond with 
said access control information signature; 

determine if said secured data and its unique identifier correspond with said data 

signature; 

determine if said unique identifier of said access control information corresponds with 
said unique identifier of said secured data; and 

determine whether said access control information permits said user to access said 
secured data; and then grant access to said user to said data if each of said determination steps is 
satisfied, and otherwise refuse access. 

8. (Original) The apparatus of claim 7 wherein said access control means further includes 
means to notify said user if access is refused. 

9. (Original) A system for secure management of data in a computer controlled storage 
system comprising: 
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a trusted data management server (tdm server) accessible to a user or user program 
application; 

storage means managed by a storage server; 

a communication system for connecting said trusted data management server and said storage 
server for the transfer of information therebetween; 

said tdm server being adapted to manage protected data in said storage means with unique 
identifiers, data signatures, access control information, and access control information signatures; 

said storage server being adapted to store protected data, signatures of said data, unique 
identifiers, access information, access information signatures , to permit access of said protected data 
under management of said tdm server. 

10. (Original) A system for the secure management of documents in a database system 
comprising: 

a trusted document management server (tdm server) accessible to a user or user program 
application; 

database storage managed by a database server (db server); 

a communication system for communicating between said trusted document management 
server and said database server; 

wherein said tdm server is adapted to handle requests for managing protected documents in 
said database with unique identifiers and access control information; and 

wherein said db server is adapted to store protected documents, signatures of the documents, 
unique identifiers and access information, signature of said access information, to permit access of 
said protected documents under management of said tdm server. 

1 1 . (Currently amended) The system of claim ! 10 wherein: on the request of a user to create 
and store a protected document in said database storage , 

said tdm server is adapted: 
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to generate one or more random identifiers and request that said db server reserve one of said 
random identifiers as a unique identifier for said document; 

to compute a signature of said document which authenticates a predetermined set of attributes 
including document content, and said unique identifier for said document; 

to create access control information in the form of an access control list; 

to compute a signature of said access control list which authenticates a predetermined set of 
attributes including the access control information content, and said unique identifier for said 
document; and, 

to have said database server store in said database, said document in protected form, its 
signature, said access control list and said signature of said access control list; 

wherein said database server is adapted to verify whether said random identifier does not 
correspond to a unique access number of any other protected document, and if so, to reserve it. 

1 2. (Currently amended) A method for secure management of data in a computer controlled 
storage system comprising: 

in a trusted data management server (tdm server), responsive to a user or user program 
application, for storing data in and retrieving data from a storage system generating the following 
security management structures: 

art a unique identifier for said data; 

access control information for said data; 

a data signature for authenticating said data from said data and said unique identifier; 

and 

an access control information signature for authenticating said access control 
information from said access control information and said unique identifier. 

13. (Original) The method of claim 12 further comprising: 
encrypting said data, or said access control information. 
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14. (Original) The method of claim 13 comprising encrypting said data and said access 
control information. 

15. (Currently amended) The method of claim 13 further comprising: 

causing said storage means system to store said security management structures and said data. 

16. (Original) The method of claim 15 wherein said data is stored encrypted 

17. (Original) The method of claim 16 further comprising: 
accessing said data stored in said storage with said unique identifier 

1 8. (Currently amended) The method of claim 1 6 responsive to a request from arr a user for 
accessing secured data from said storage system, retrieving an a unique identifier for said secured 
data from said user or database storage; 

retrieve from said storage system said security management structures corresponding to said 

secured data; and 

carrying out the following determination steps: 

determine if said access control information and its unique identifier correspond with said 
access control information signature; 

determine if said secured data and its unique identifier correspond with said data signature; 

determine if said unique identifier of said access control information corresponds with said 
secured data; and 

determine whether said access control information permits said user to access said secured 
data; and then granting access to said user to said data if each of said determination steps is satisfied, 
and otherwise refusing access. 

19. (Original) The method of claim 18 including notifying said user if access is refused. 
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20. (Original) In a system for secure management of data in a computer controlled storage 
system comprising: 

a trusted data management server (tdm server) accessible to a user or user program 

application; 

storage means managed by a storage server; 

a communication system for connecting said trusted data management server and said storage 
server for the transfer of information therebetween; 

using tdm server to manage protected data in said storage means with unique identifiers, data 
signatures, access control information, and access control information signatures; 

and storing in said storage means protected data, signatures of said data, unique identifiers, 
access information, access information signatures, to permit access of said protected data under 
management of said tdm server. 

21. (Original) In a system for the secure management of documents in a database system 
comprising: 

a trusted document management server (tdm server) accessible to a user or user program 
application; 

database storage managed by a database server (db server); 

a communication system for communicating between said trusted document management 
server and said database server; 

using said tdm server to handle requests for managing protected documents in said database 
by using unique identifiers and access control information; and 

storing in said database storage protected documents, signatures of the documents, unique 
identifiers and access information, signature of said access information, to permit access of said 
protected documents under management of said tdm server. 
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22. (Original) In the system of claim 2 1 wherein: on the request of a user to create and store 
a protected document in said database, said tdm server generates one or more random numbers and 
request that said db server reserves one of said random numbers as a document access key; 

computes a signature of said document which authenticates a predetermined set of attributes 
including document content, and said document key; 

creates access control information in the form of an access control list; 
computes a signature of said access control list which authenticates a predetermined set of 

attributes including the access control information content, and said document key; and, has 
said database server store in said database, said document in protected form, its signature, said access 
control list and said signature of said access control list. 

23 . (Previously presented) Computer readable storage means for storing instructions for use 
in the execution in a computer system of the method of claim 13. 

24. (Previously presented) Computer readable storage means for storing instructions for use 
in the execution in a computer system for causing the computer system to effect the apparatus of 
claim 1. 

25. (Previously presented) Computer readable storage means for storing instructions for use 
in the execution in a computer system for causing the computer system to effect the system of claim 
9. 

26. (Previously presented) Computer readable storage means for storing instructions for use 
in the execution in a computer system for causing the computer system to effect the system of claim 
10. 

27. (Currently amended) An article of manufacture comprising a computer usable medium 
having computer readable program code means embodied therein for causing secure management 
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of data in a computer controlled storage system}; system, the computer readable program code means 
in said article of manufacture comprising computer readable program code means for causing a 
computer to effect the steps of claim 12. 

28. (Previously presented) Computer readable storage means for storing instructions for use 
in the execution in a computer system for causing a computer system to effect the system of claim 
20. 

29. (Previously presented) Computer readable storage means for storing instructions for use 
in the execution in a computer system for causing a computer system to effect the system of claim 
21. 
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